Page 1
Discrete Methods in Mathematical InformaticsLecture 1: What is Elliptic Curve?
9th October 2012
Vorapong Suppakitpaisarnhttp://www-imai.is.s.u-tokyo.ac.jp/~mr_t_dtone/
[email protected] , Eng. 6 Room 363Download Slide at: https://www.dropbox.com/s/xzk4dv50f4cvs18/Lecture
%201.pptx?m
Page 2
First Section of This Course [5 lectures]
Lecture 1: What is
Elliptic Curve?
Lecture 2: Elliptic Curve
Cryptography
Lecture 3-4:
Fast Implementation
for Elliptic Curve Cryptography
Lecture 5: Factoring
and Primality Testing
L. C. Washington, “Elliptic Curves: Number Theory and Cryptography”, Chapman &
Hall/CRC, 2003.
• Lecture 1: Chapter 1, Chapter 2 (2.1, 2.2)
• Lecture 2: Chapter 6 (6.1 – 6.6)
• Lecture 5: Chapter 7
Recommended Reading
H. Cohen, G. Frey, R. Avanzi, C. Doche, T. Lange, K. Nguyen, F. Vercauteren, "Handbook of Elliptic and Hyperelliptic
Curve Cryptography", Chapman & Hall/CRC, 2005.
A. Cilardo, L. Coppolino, N. Mazzocca, L. Romano, "Elliptic Curve Cryptography Engineering", Proc. of IEEE Vol. 94,
No. 2, pp. 395-406 (2006).
In each lecture, 1-2 exercises will be given,
Choose 3 Problems out of them.
Submit to
[email protected]
before 31 Dec 2012
Grading
Page 3
First Section of This Course [5 lectures]
Lecture 1: What is
Elliptic Curve?
Lecture 2: Elliptic Curve
Cryptography
Lecture 3-4:
Fast Implementation
for Elliptic Curve Cryptography
Lecture 5: Factoring
and Primality Testing
L. C. Washington, “Elliptic Curves: Number Theory and Cryptography”, Chapman &
Hall/CRC, 2003.
• Lecture 1: Chapter 1, Chapter 2 (2.1, 2.2)
• Lecture 2: Chapter 6 (6.1 – 6.6)
• Lecture 5: Chapter 7
Recommended Reading
H. Cohen, G. Frey, R. Avanzi, C. Doche, T. Lange, K. Nguyen, F. Vercauteren, "Handbook of Elliptic and Hyperelliptic
Curve Cryptography", Chapman & Hall/CRC, 2005.
A. Cilardo, L. Coppolino, N. Mazzocca, L. Romano, "Elliptic Curve Cryptography Engineering", Proc. of IEEE Vol. 94,
No. 2, pp. 395-406 (2006).
In each lecture, 1-2 exercises will be given,
Choose 3 Problems out of them.
Submit to
[email protected]
before 31 Dec 2012
Grading
Page 4
Problem 1: The Artillerymens Dilemma (is not a) Puzzle
http://cashflowco.hubpages.com/
?
Height = 0: 0 Ball Square
Height = 1: 1 Ball Square
Height = 2: 1 + 4 = 5 Balls Not Square
Height = 3: 1 + 4 + 9 = 14 Balls Not Square
Height = 4: 1 + 4 + 9 + 16 = 30 Balls Not Square
2232222
61
21
31
6121321 yxxx)x)(x(xx...
Elliptic Curve
Page 5
Problem 1: The Artillerymens Dilemma (is not a) Puzzle (cont.)
223
61
21
31 yxxx
(0,0)
(1,1)
y = x
223
61
21
31 xxxx
021
23 23 xxx
0)()(
0))()((23
abcxbcacabxcbaxcxbxax
a,b,cequation the of roots
are that Suppose
solution. another is 21 y ,
21 x thatknow We
21
2310
c
ccba
(1/2,1/2)
Page 6
Problem 1: The Artillerymens Dilemma (is not a) Puzzle (cont.)
223
61
21
31 yxxx
(0,0)
(1,1)
y = x
(1/2,1/2)
(1/2,-1/2)
y = 3x-2
223 )23(61
21
31
xxxx
0...251 23 xx
2511
21
x
70,24 yx
2222 7024...21
70 Length Square for 24 Height Pyramid
Page 7
Problem 2: Right Triangle with Rational Sides
We want to find a right triangle with rational sides
in which area = 5
3
4
5
6
15
8
17
60
15/2
4
17/2
155
5
510
Page 8
Problem 2: Right Triangle with Rational Sides (cont.)
a
b
c
ab/2 = 5
22210 cb, aab
524
1024
22
22222
ccbababa
524
1024
22
22222
ccbababa
numbers rational of square are 2c
2c
numbers rational are
5,2
,5
2,
2,
2222
c
bacba
23 25)5()5( yxxxxx
Elliptic Curve
425
x
num rational of square
a not is 45 but
curve,elliptic of solution a is
445,
Note
Page 9
Problem 2: Right Triangle with Rational Sides (cont.)
23 25 yxx
(-4,6)1223
)6(225)4(3
2253
2)253(
)()25(
22
2
23
yx
xy
yyxxyxx
341)4(
1223)6(
1223
c
cxy341
1223
xy
Page 10
Problem 2: Right Triangle with Rational Sides (cont.)
23 )341
1223(25 xxx
0...144529 23 xx
0)()(
0))()((23
abcxbcacabxcbaxcxbxax
a,b,cequation the of roots
are that Suppose
2
641
1441681
14452944
0)))(4())(4((
x
x
cxxx
23 25 yxx
(-4,6)
341
1223
xy
(1681/144,62279/1728)
Page 11
Problem 2: Right Triangle with Rational Sides (cont.)
22
22
22
21249
14424015
21231
1449615
21241
bax
bax
cx
23,
320
6492
1249
6312
1231
6412
1241
ba
ba
ba
c
20/3
3/2
41/6
5
23 25 yxx
(-4,6)
341
1223
xy
(1681/144,62279/1728)
Page 12
Exercises
5. area withtriangle right another find to
at line tangent the Use )172862279,
1441681(),( yx
Exercise 1
Exercise 2
numbers. rational of squares are that such point a in curve the intersects
at curve this to line tangent the then , and
satisfying numbers rational are if thatShow integer. an be Let
nn,x,xx),y(x(x,y)n,xxnxy
x, yn
11111
232 0,
Page 13
Problem 3: Fermat’s Last Theorem
http://wikipedia.com/
nnn cba
a,b,cn
that such integers nonzero no is there
, Given 3
• Conjectured by Pierre de Fermat in Arithmetica (1637).
“I have discovered a marvellous proof to this theorem, that this margin
is too narrow to contain”
• There are more than 1,000 attempts, but
the theorem is not proved until 1995 by
Andrew Wiles.
• One of his main tools is Elliptic Curve!!!
Page 14
Problem 3: Fermat’s Last Theorem (cont.)
nnn cbaa,b,c
n
that such integers nonzero no is there
, Given 3• Fermat kindly provided the proof for the case when n = 4
2
22
2
22 )(4,a
cbbya
cbx
xxy 432 Elliptic Curve
By several elliptic curves techniques, Fermat found that all rational solutions of the elliptic curve are (0,0),
(2,0), (-2,0)
Page 15
Formal Definitions of Elliptic Curve
0274 2332 BABAxxy when
B}AxxL|yL{(x,y)}{E(L) 32
223
61
21
31 yxxx
(0,0)
(1,1)
y = x
(1/2,1/2)
(1/2,-1/2)
Weierstrass Equation
Elliptic Curve
.
)(),(),,(
33
33
21
2211
)y,(xQP
),y(xRQP
Q PxxLEyxQyxP
3.curve. the cut line the that
point another , point Find 2. and point pass that line aDraw 1.
:follows as define we, If
Point Addition
)21,
21()1,1()0,0(
Page 16
Formal Definitions of Elliptic Curve (cont.)
.
)(),(),,(
33
33
21
2211
)y,(xQP
),y(xR
QPQ Pxx
LEyxQyxP
3.
curve. the cut line the thatpoint another , point Find 2.
and point pass that line aDraw 1.:follows as define we, If
Point Addition
)( 11
12
12
xxmyyxxyym
0...
))((223
311
32
xmx
BAxxyxxmBAxxy
212
3 xxmx
1133 )( yxxmy
Page 17
Formal Definitions of Elliptic Curve (cont.)
223
61
21
31 yxxx
x = 1/2
(1/2,1/2)
(1/2,-1/2)
QPyyxxLEyxQyxP
, , If 2121
2211 )(),(),,(
Point Addition
,PP
)y, (xP P PQ P
),y(xR
yyxxLEyxQyxP
33
33
221
2211
2
)(),(),,(
3.curve. the cut
line the that point another Find 2.P. point at curve the touching line aDraw 1.
, If 1
Point Double
172862279,
1441681)6,4()6,4()6,4(2
23 25 yxx
(-4,6)
341
1223
xy
(1681/144,62279/1728)
Page 18
Formal Definitions of Elliptic Curve (cont.)
Point Double
)( 11 xxmyy
0...
))((223
311
32
xmx
BAxxyxxmBAxxy
12
3 2xmx
1133 )( yxxmy
)y, (xP P PQ P
),y(xR
yyxxLEyxQyxP
33
33
221
2211
2
)(),(),,(
3.
curve. the cutline the that point another Find 2.
P. point at curve the touching line aDraw 1. , If 1
yAx
xym
xAxyyBAxxy
23
)3(22
2
32
Page 19
First Section of This Course [5 lectures]
Lecture 1: What is
Elliptic Curve?
Lecture 2: Elliptic Curve
Cryptography
Lecture 3-4:
Fast Implementation
for Elliptic Curve Cryptography
Lecture 5: Factoring
and Primality Testing
L. C. Washington, “Elliptic Curves: Number Theory and Cryptography”, Chapman &
Hall/CRC, 2003.
• Lecture 1: Chapter 1, Chapter 2 (2.1, 2.2)
• Lecture 2: Chapter 6 (6.1 – 6.6)
• Lecture 5: Chapter 7
Recommended Reading
H. Cohen, G. Frey, R. Avanzi, C. Doche, T. Lange, K. Nguyen, F. Vercauteren, "Handbook of Elliptic and Hyperelliptic
Curve Cryptography", Chapman & Hall/CRC, 2005.
A. Cilardo, L. Coppolino, N. Mazzocca, L. Romano, "Elliptic Curve Cryptography Engineering", Proc. of IEEE Vol. 94,
No. 2, pp. 395-406 (2006).
In each lecture, 1-2 exercises will be given,
Choose 3 Problems out of them.
Submit to
[email protected]
before 31 Dec 2012
Grading
Page 20
Exercises
5. area withtriangle right another find to
at line tangent the Use )172862279,
1441681(),( yx
Exercise 1
Exercise 2
numbers. rational of squares are that such point a in curve the intersects
at curve this to line tangent the then , and
satisfying numbers rational are if thatShow integer. an be Let
nn,x,xx),y(x(x,y)n,xxnxy
x, yn
11111
232 0,
Page 21
Thank you for your attentionPlease feel free to ask questions or comment.
Page 22
Scalar Multiplication• Scalar Multiplication on Elliptic Curve
S = P + P + … + P = rP
when r1 is positive integer, S,P is a member of the curve• Double-and-add method• Let r = 14 = (01110)2
Compute rP = 14P r = 14 = (0 1 1 1 0)2 Weight = 3
P 3P 7P 14P
6P2P 14P
3 – 1 = 2 Point Additions
4 – 1 = 3 Point Doubles
r times
O